Internal Audit & Risk Management

Here we provide information about internal audits, the role of the Lead Executive Director and risk management directives.

This page explains the role and objectives of the Audit Service within Northumberland County Council.

Section 151 of the Local Government Act 1972 requires the proper administration of all the financial affairs within the County Council. The officer holding this responsibility is referred to as the Lead Executive Director.

The Lead Executive Director should provide a range of services to all council directorates and associated bodies, including Advance Northumberland, the Northumberland development company.

There are three services within the Finance Group:
  • Business Support
  • Administration and Transactional Services
  • Audit
The Audit Service is split into three sections:
Internal audits must be carried out by every local government organisation, as stated by Section 151 of the Local Government Act 1972.

Our aim is to give assurance to management and members that certain processes operate in an efficient and effective manner and ensure the integrity of transactions.

The work and performance of the Audit Service is overseen by the County Council's Audit Committee.

Internal Audit also has responsibility for investigating possible irregularities. For further information on the Council's Commitment to Fighting Fraud, please visit our fraud information web page.
The Audit Service provides an independent appraisal to the County Council to review its systems of internal control. It is a review activity which does not relieve line management of its responsibility for ensuring that effective systems of control are in place.

The Audit Service fulfils this role by carrying out independent reviews of the County Council's activities and reporting its findings to those who need to know and can ensure appropriate action is taken.

In carrying out this role, the Audit Service complies with the Chartered Institute of Public Finance and Accountancy (CIPFA) code of practice for internal audits in local government and other CIPFA statements.
To objectively assure the County Council that:
  • its systems of internal control are operating effectively,
  • its operations are being conducted in accordance with council policy and procedures, current legislation and provide best value; and,
  • its assets and interests are accounted for and safeguarded from losses of all kinds, including fraud, waste and inefficiency.
The Audit Service derives its authority from the County Council through its constitution. The Audit Committee has approved the charter and considers and monitors the Annual Audit Plan.

The Audit Service has authority to:
  • visit any county council establishment at any time,
  • have access to all documents, correspondence and other records,
  • have access to all stocks and cash held at establishments; and,
  • require and receive from employees, members and other persons, assistance or explanation, written or oral.
In carrying out its role, the Audit Service will maintain objectivity and display professionalism. It will be tactful and provide advice and assistance where appropriate.

The Audit Service will maintain a Srategic Audit Plan, which will take account of the audit needs and risks of the Council, ensuring they are subject to audit over a five-year period. The Audit Plan is developed alongside other directorates and stakeholders.

Each year the Head of Audit and Risk Management presents the updated strategic plan, along with a detailed plan of activity for the forthcoming year to the audit committee for approval. Progress against the plan will be reported to the Audit Committee throughout the year.

The Head of Audit and Risk Management provides an annual report on internal control systems to the Audit Committee.

The Audit Service also reviews systems under development, perform special investigations where necessary and seeks to minimise the potential for fraud and corruption within the County Council. The Audit Service will work closely with external audit (Deloitte) and other external review agencies, with the aim of co-ordinating, planning and avoiding unnecessary duplication.

Specialist computer audit work is undertaken by a contractor reporting directly to senior management.
This section explains the role and objectives of the Risk Management Team within Northumberland County Council.

Our aim is to reduce the level of risk facing the council that may prevent it from achieving objectives. This is overseen by the County Council's Audit Committee.
The team co-ordinates risk management across the County Council. The team fulfils its role by developing and implementing ways to manage risks across the County Council.
  • input into corporate governance processes,
  • drive the embedding of risk management processes throughout the County Council; and,
  • provide support and guidance on risk management issues throughout the County Council.
The Council's corporate planning processes incorporate the consideration of risk at an early stage, both at a strategic and operational level. The process formalises the consideration of risk within projects and proposals, as contained in reports going to the Strategic Management Team/Executive.

Escalation within the risk appraisal process ensures the consideration of risk is not unduly onerous for less significant issues. The process is underpinned by a risk assessment workshop involving interested parties and, where appropriate, approval by the Risk Appraisal Panel comprising members and senior officers.

Various proformas and guidance are provided in the Risk Management Toolkit: Risk Assessment Templates Risk Appraisal Panel Action Plans and Monitoring
Responsibilities of the Risk Management Team are to:
  • facilitate and provide support to the organisation's risk management process, giving advice and guidance on best practice,
  • co-ordinate Northumberland County Council's risk management approach, ensuring a consistent approach is adopted throughout the organisation,
  • report regularly to the Audit Committee and Executive/Strategic Management Team on progress,
  • develop Northumberland County Council's risk management approach, including setting of policy, strategy and methodology; and,
  • ensure risk management is integrated within the policy development, service planning and performance management processes
  Responsibilities of County Council Services:  
  • implement the Risk Management Policy,
  • ensure risk assessment protocols and adequate controls are in place,
  • ensure identified actions to reduce the level of residual risk are implemented,
  • monitor progress and report upon performance in reducing risk at all levels; and,
  • utilise management reports to improve risk management within the Council.
If you are a member of the public and believe you have suffered damage as a result of Council negligence, you need to write in to the Insurance Team at the address given below, or email the insurance mailbox.

Details must include your full name, date of birth and national insurance number. For any motoring incidents, we also require copies of evidence of your car ownership, tax disk and MOT certificate.

Please provide a full explanation and details of the incident that has occurred and any damage suffered, along with photographic evidence where possible and two estimates of the value of work required to make good the damage, if appropriate. It is important you provide the precise location of the incident and the date and time.

Where it is necessary for you to make an immediate repair, e.g. replace a tyre, we also require you to retain the damaged item for inspection by ourselves or our insurance company.

All claims are thoroughly investigated, and we prosecute anyone found to have submitted a fraudulent claim.

Email the insurance mailbox:

Or write to us at:

Insurance Team
Administration and Transactional Services
Finance Group
Northumberland County Council
County Hall
NE61 2EF
Fax: (01670) 626039
Lynne Brown, Risk Management Officer Ben Allan, Senior Risk Management Officer Kevin McDonald, Head of Internal Audit & Risk Management Address
Internal Audit and Risk Management 
Northumberland County Council
County Hall
NE61 2EF
Here you will find information about the Council's participation in the National Fraud Initiative data matching exercise.

Northumberland County Council is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

To help do this, the Cabinet Office carries out the National Fraud Initiative data matching exercise. This involves public bodies across the country sending in certain types of data to the Cabinet Office, which they then compare to spot any differences or anomalies in order to prevent and detect fraud.  Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

Northumberland County Council participates in the National Fraud Initiative data matching exercise to assist in the prevention and detection of fraud.  We are required to provide particular sets of data, including those noted below, to the Minister for the Cabinet Office for matching for each exercise. 

•    Housing benefits
•    Council tax
•    Students eligible for a loan
•    Housing – current tenants, waiting list and right to buy
•    Trade creditors – payment history and standing data
•    Private supported care home residents
•    Personal budgets
•    Blue badges
•    Residents’ parking permits
•    Concessionary travel passes
•    Electoral registerInsurance claims
•    Payroll and pensions

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014.  It does not require the consent of the individuals concerned under the Data Protection Act  or the General Data Protection Regulations (GDPR).  Data matching by the Cabinet Office is subject to a code of practice.

Further information on the Cabinet Office’s legal powers and the reasons why it matches particular information is available here.

Futher information regarding our privacy policy including our full privacy notice is available here.